The Internet and Internet-based applications, services and functions have been globally expanding at a tremendous pace. Both newly developed industries and traditional industries are becoming more and more reliant on the Internet. Some of these industries and systems handle sensitive information such as electronic commerce, financial services and government affairs. Because the Internet is very different from traditional environments, many malice and even illegal Internet-based behaviors have been spreading with little restriction. The damages arising from such activities have become very serious, and severely hinder the further development of the Internet and the Internet-based applications, services and functions.
Among various illegal Internet-based attacks, illegal acquisition of account information of others has been on the rise. Using methods such as virus, Trojans, frauds and phishing, for example, unauthorized persons can obtain the bank account information of others and steal money from their accounts to incur loss to them. Similar to bank account information, other Internet-based applications are also facing the same threat of illegal attacks.
Due to these activities, simply relying on password-based user identity verification may no longer be sufficient for some operations, functions or services. In order to solve these problems and provide more effective user identity verification, proposals such as digital certificate, dynamic password, dynamic token ring, telephone verification and text message verification have been suggested. Because of the convenience offered, telephone verification and text message verification have received increasing attention and become more popular.
In general, text message verification refers to a technique in which a system sends a verification code to a user in the form of a text message after the user has requested a certain type of an operation, function or service. The user enters the verification code following the instructions given by the system to verify the user identity. The system may continue to complete the fund transfer for the user only after the user has successfully verified the user identity using the verification code sent to him or her. If the user fails to verify the identity using the correct verification code, the system may deny the requested transaction. One example of the type of operation or service that may need such user identity verification is a transfer transaction through an online bank. A fund transfer transaction may be considered a heightened security risk, so the system may require an extra layer of security in addition to the regular password-based logon.
Different from the text message verification, telephone verification sends a verification code through a voice call. When a user requests a transfer transaction through an online bank, for example, a system calls the user and tells the user a verification code for the transaction. It can be done using either a human operator or an automatic voice system. The user hears the verification code and uses it to verify the identification. Only after the user successfully verifies the identification using the verification code will the system continue to complete the related function or service
The above two examples of verification methods, namely text message verification and telephone verification, have received widespread use in your various practical environments and conditions, especially in online banks and third-party online payment platforms. However, due to reasons described below, these two verification methods have limitations which prevent further development and expansion of these methods, and affect their effectiveness of identity verification in practice.
Since text message verification does not guarantee arrival of the text messages, message delay or loss often exists. If a text message is not timely arrived to a user, an associated transaction may not proceeds normally and may severely affect user experience. Moreover, the use of the text message verification is greatly limited by the types of the phones used by the users. For example, because most landline phones cannot accept text messages, it may not be possible to promote the text message verification and provide the respective service to users of the landline phones in the short run.
Although telephone verification may prevent risks arising from delay or loss of text messages, the telephone verification suffer an accuracy problem. Since a verification code is sent through voice calling, sometimes it may be hard for a user to hear or memorize the verification code accurately and easily. In addition, because of the existence of different languages and dialects, sending a verification code through voice calling encounters a lot of communication difficulties. For instance, users of some geographical locations may have a poor command of the language (e.g., Mandarin) that is used for voice calling and may have difficulty in listening accurately the verification code being sent. Moreover, telephone verification has a relatively high cost and is not propitious for implementation and promotion. Implementing telephone verification may require long distance calls and even international long distance calls because service platforms provided by service providers are based upon the Internet, and users of the service platforms may spread over the world. Such conditions would mandate high communication costs and can be unacceptable for many service providers.